CVE-2022-25648
Command Injection
Public Exploits: 1
Exploited in Wild: -
Descriptions
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set. These additional flags can be used to perform a command injection.
A flaw was found in ruby-git, where the package is vulnerable to command injection via the git argument. This flaw allows an attacker to set additional flags, which leads to performing command injections.
Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.
Timeline
- 2022-02-24 CVE Reserved
- 2022-04-19 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2025-05-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
References (9)
URL | Tag | Source |
---|---|---|
https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0 | Release Notes | |
https://lists.debian.org/debian-lts-announce/2023/01/msg00043.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://snyk.io/vuln/SNYK-RUBY-GIT-2421270 | 2024-09-16 | |

URL | Date | SRC |
---|---|---|
https://github.com/ruby-git/ruby-git/pull/569 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Git | Git | < 1.11.0 | ruby | Affected |
Fedoraproject | Extra Packages For Enterprise Linux | 8.0 | - | Affected |
Fedoraproject | Fedora | 34 | - | Affected |
Fedoraproject | Fedora | 35 | - | Affected |
Fedoraproject | Fedora | 36 | - | Affected |
Debian | Debian Linux | 10.0 | - | Affected |